Hannah Quay-de la Vallee, Ph.D. Candidate

Crowdsourcing Interface Design for Presenting User Ratings of App Permissions

Apps’ access to hardware resources and sensitive user data can make them significant vectors for attacks on users’ security and privacy. Most app systems try to help users understand and manage the risk posed by apps by requiring some form of user consent, such as the install-time permission requests in the Android operating system. Unfortunately, many users lack the background and expertise needed to make informed decisions. Additionally, permission information is typically not presented in a way that users can easily comprehend. We suggest that user ratings of permissions (like user ratings of apps themselves) can supply the missing information users need for their decisions, and propose three user interfaces to display such information comprehensibly. In this talk, I will discuss the design and evolution of several interfaces, whose designs were informed and refined by feedback from Mechanical Turk workers. I will also discuss how Mechanical Turk can be used to bootstrap and expand the availability of permission ratings.